IPv6 Firewall on CPEs - Default on or off
Martin Millnert
martin at millnert.se
Wed Nov 28 14:31:14 CET 2012
Hi,
On Wed, 2012-11-28 at 21:51 +0900, Lorenzo Colitti wrote:
<snip>
> I think we all agree that if the ISP does not provide a CPE, then the
> ISP is not under responsibility to firewall.
s/firewall/allow inbound connections/
> Right? Because that's how it works in IPv4.
s/works/worked/
The future is private space, of course!
I really appreciate the good inputs in this thread. I'm currently in the
challenge of sketching up a new large residential network, and there's
a /22 IPv4 to do it. And limitless IPv6. All greenfield. Quite
funny. :)
CPE firewall or not has bearing on this case, though I'm proponing CPE
being in bridged mode (there's SVLAN:CVLAN separation of users).
Greenfield has some benefits here. There are 0 customers already in a
specific mode of operations (ie, no customers already behind
firewalling).
Asymmetry between IPv4 and IPv6 is given since IPv4 is out. It's
impossible to reconcile this to be "open/open". But I seriously wonder
if a single user will care, or notice?
Free.fr and others could really help with offering support desk
statistics on this: ie., does inbound open v6 cause cost? :)
Best,
Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20121128/ac863583/attachment.bin
More information about the ipv6-ops
mailing list